AddAuthorizationMiddleware adds a middleware to the provided client's
transport that sets the Authorization header with the value produced by the
provided [cloud.google.com/go/auth.Credentials]. An error is returned only
if client or creds is nil.
This function does not support setting a universe domain value on the client.
NewClient returns a [net/http.Client] that can be used to communicate with a
Google cloud service, configured with the provided [Options]. It
automatically appends Authorization headers to all outgoing requests.
ClientCertProvider is a function that returns a TLS client certificate to be
used when opening TLS connections. It follows the same semantics as
[crypto/tls.Config.GetClientCertificate].
InternalOptions
typeInternalOptionsstruct{// EnableJWTWithScope specifies if scope can be used with self-signed JWT.EnableJWTWithScopebool// DefaultAudience specifies a default audience to be used as the audience// field ("aud") for the JWT token authentication.DefaultAudiencestring// DefaultEndpointTemplate combined with UniverseDomain specifies the// default endpoint.DefaultEndpointTemplatestring// DefaultMTLSEndpoint specifies the default mTLS endpoint.DefaultMTLSEndpointstring// DefaultScopes specifies the default OAuth2 scopes to be used for a// service.DefaultScopes[]string// SkipValidation bypasses validation on Options. It should only be used// internally for clients that need more control over their transport.SkipValidationbool// SkipUniverseDomainValidation skips the verification that the universe// domain configured for the client matches the universe domain configured// for the credentials. It should only be used internally for clients that// need more control over their transport. The default is false.SkipUniverseDomainValidationbool}
InternalOptions are only meant to be set by generated client code. These are
not meant to be set directly by consumers of this package. Configuration in
this type is considered EXPERIMENTAL and may be removed at any time in the
future without warning.
Options
typeOptionsstruct{// DisableTelemetry disables default telemetry (OpenTelemetry). An example// reason to do so would be to bind custom telemetry that overrides the// defaults.DisableTelemetrybool// DisableAuthentication specifies that no authentication should be used. It// is suitable only for testing and for accessing public resources, like// public Google Cloud Storage buckets.DisableAuthenticationbool// Headers are extra HTTP headers that will be appended to every outgoing// request.Headershttp.Header// BaseRoundTripper overrides the base transport used for serving requests.// If specified ClientCertProvider is ignored.BaseRoundTripperhttp.RoundTripper// Endpoint overrides the default endpoint to be used for a service.Endpointstring// APIKey specifies an API key to be used as the basis for authentication.// If set DetectOpts are ignored.APIKeystring// Credentials used to add Authorization header to all requests. If set// DetectOpts are ignored.Credentials*auth.Credentials// ClientCertProvider is a function that returns a TLS client certificate to// be used when opening TLS connections. It follows the same semantics as// crypto/tls.Config.GetClientCertificate.ClientCertProviderClientCertProvider// DetectOpts configures settings for detect Application Default// Credentials.DetectOpts*detect.DetectOptions// UniverseDomain is the default service domain for a given Cloud universe.// The default value is "googleapis.com". This is the universe domain// configured for the client, which will be compared to the universe domain// that is separately configured for the credentials.UniverseDomainstring// Logger is used for debug logging. If provided, logging will be enabled// at the loggers configured level. By default logging is disabled unless// enabled by setting GOOGLE_SDK_GO_LOGGING_LEVEL in which case a default// logger will be used. Optional.Logger*slog.Logger// InternalOptions are NOT meant to be set directly by consumers of this// package, they should only be set by generated client code.InternalOptions*InternalOptions}
Options used to configure a [net/http.Client] from [NewClient].
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-05 UTC."],[[["\u003cp\u003eThe latest version of the \u003ccode\u003ehttptransport\u003c/code\u003e package is 0.15.0, and the webpage provides links to older versions, ranging back to 0.1.1.\u003c/p\u003e\n"],["\u003cp\u003ePackage \u003ccode\u003ehttptransport\u003c/code\u003e offers tools for managing HTTP client connections with Google Cloud services, including automatic Authorization header handling.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eAddAuthorizationMiddleware\u003c/code\u003e function enhances an HTTP client by adding a middleware that sets the Authorization header using provided credentials.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eNewClient\u003c/code\u003e function creates an \u003ccode\u003ehttp.Client\u003c/code\u003e configured for Google Cloud services, automatically appending Authorization headers to requests based on provided options.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eOptions\u003c/code\u003e struct allows for customization of the \u003ccode\u003ehttp.Client\u003c/code\u003e with parameters like telemetry control, authentication disabling, custom headers, and API key usage.\u003c/p\u003e\n"]]],[],null,["# Package cloud.google.com/go/auth/httptransport (v0.16.0)\n\nVersion latestkeyboard_arrow_down\n\n- [0.16.0 (latest)](/go/docs/reference/cloud.google.com/go/auth/latest/httptransport)\n- [0.15.0](/go/docs/reference/cloud.google.com/go/auth/0.15.0/httptransport)\n- [0.14.1](/go/docs/reference/cloud.google.com/go/auth/0.14.1/httptransport)\n- [0.13.0](/go/docs/reference/cloud.google.com/go/auth/0.13.0/httptransport)\n- [0.12.1](/go/docs/reference/cloud.google.com/go/auth/0.12.1/httptransport)\n- [0.11.0](/go/docs/reference/cloud.google.com/go/auth/0.11.0/httptransport)\n- [0.10.2](/go/docs/reference/cloud.google.com/go/auth/0.10.2/httptransport)\n- [0.9.9](/go/docs/reference/cloud.google.com/go/auth/0.9.9/httptransport)\n- [0.8.1](/go/docs/reference/cloud.google.com/go/auth/0.8.1/httptransport)\n- [0.7.3](/go/docs/reference/cloud.google.com/go/auth/0.7.3/httptransport)\n- [0.6.1](/go/docs/reference/cloud.google.com/go/auth/0.6.1/httptransport)\n- [0.5.2](/go/docs/reference/cloud.google.com/go/auth/0.5.2/httptransport)\n- [0.4.2](/go/docs/reference/cloud.google.com/go/auth/0.4.2/httptransport)\n- [0.3.0](/go/docs/reference/cloud.google.com/go/auth/0.3.0/httptransport)\n- [0.2.2](/go/docs/reference/cloud.google.com/go/auth/0.2.2/httptransport)\n- [0.1.1](/go/docs/reference/cloud.google.com/go/auth/0.1.1/httptransport) \n**Note:** To get more information about this package, such as access to older versions, view [this package on pkg.go.dev](https://pkg.go.dev/cloud.google.com/go/auth/httptransport). \n\u003cbr /\u003e\n\nPackage httptransport provides functionality for managing HTTP client\nconnections to Google Cloud services. \n\nFunctions\n---------\n\n### func AddAuthorizationMiddleware\n\n func AddAuthorizationMiddleware(client *https://pkg.go.dev/net/http.https://pkg.go.dev/net/http#Client, creds */go/docs/reference/cloud.google.com/go/auth/latest./go/docs/reference/cloud.google.com/go/auth/latest#cloud_google_com_go_auth_Credentials) https://pkg.go.dev/builtin#error\n\nAddAuthorizationMiddleware adds a middleware to the provided client's\ntransport that sets the Authorization header with the value produced by the\nprovided \\[cloud.google.com/go/auth.Credentials\\]. An error is returned only\nif client or creds is nil.\n\nThis function does not support setting a universe domain value on the client. \n\n### func NewClient\n\n func NewClient(opts *#cloud_google_com_go_auth_httptransport_Options) (*https://pkg.go.dev/net/http.https://pkg.go.dev/net/http#Client, https://pkg.go.dev/builtin#error)\n\nNewClient returns a \\[net/http.Client\\] that can be used to communicate with a\nGoogle cloud service, configured with the provided \\[Options\\]. It\nautomatically appends Authorization headers to all outgoing requests. \n\n### func SetAuthHeader\n\n func SetAuthHeader(token */go/docs/reference/cloud.google.com/go/auth/latest./go/docs/reference/cloud.google.com/go/auth/latest#cloud_google_com_go_auth_Token, req *https://pkg.go.dev/net/http.https://pkg.go.dev/net/http#Request)\n\nSetAuthHeader uses the provided token to set the Authorization header on a\nrequest. If the token.Type is empty, the type is assumed to be Bearer. \n\nClientCertProvider\n------------------\n\n type ClientCertProvider = func(*https://pkg.go.dev/crypto/tls.https://pkg.go.dev/crypto/tls#CertificateRequestInfo) (*https://pkg.go.dev/crypto/tls.https://pkg.go.dev/crypto/tls#Certificate, https://pkg.go.dev/builtin#error)\n\nClientCertProvider is a function that returns a TLS client certificate to be\nused when opening TLS connections. It follows the same semantics as\n\\[crypto/tls.Config.GetClientCertificate\\]. \n\nInternalOptions\n---------------\n\n type InternalOptions struct {\n \t// EnableJWTWithScope specifies if scope can be used with self-signed JWT.\n \tEnableJWTWithScope https://pkg.go.dev/builtin#bool\n \t// DefaultAudience specifies a default audience to be used as the audience\n \t// field (\"aud\") for the JWT token authentication.\n \tDefaultAudience https://pkg.go.dev/builtin#string\n \t// DefaultEndpointTemplate combined with UniverseDomain specifies the\n \t// default endpoint.\n \tDefaultEndpointTemplate https://pkg.go.dev/builtin#string\n \t// DefaultMTLSEndpoint specifies the default mTLS endpoint.\n \tDefaultMTLSEndpoint https://pkg.go.dev/builtin#string\n \t// DefaultScopes specifies the default OAuth2 scopes to be used for a\n \t// service.\n \tDefaultScopes []https://pkg.go.dev/builtin#string\n \t// SkipValidation bypasses validation on Options. It should only be used\n \t// internally for clients that need more control over their transport.\n \tSkipValidation https://pkg.go.dev/builtin#bool\n \t// SkipUniverseDomainValidation skips the verification that the universe\n \t// domain configured for the client matches the universe domain configured\n \t// for the credentials. It should only be used internally for clients that\n \t// need more control over their transport. The default is false.\n \tSkipUniverseDomainValidation https://pkg.go.dev/builtin#bool\n }\n\nInternalOptions are only meant to be set by generated client code. These are\nnot meant to be set directly by consumers of this package. Configuration in\nthis type is considered EXPERIMENTAL and may be removed at any time in the\nfuture without warning. \n\nOptions\n-------\n\n type Options struct {\n \t// DisableTelemetry disables default telemetry (OpenTelemetry). An example\n \t// reason to do so would be to bind custom telemetry that overrides the\n \t// defaults.\n \tDisableTelemetry https://pkg.go.dev/builtin#bool\n \t// DisableAuthentication specifies that no authentication should be used. It\n \t// is suitable only for testing and for accessing public resources, like\n \t// public Google Cloud Storage buckets.\n \tDisableAuthentication https://pkg.go.dev/builtin#bool\n \t// Headers are extra HTTP headers that will be appended to every outgoing\n \t// request.\n \tHeaders https://pkg.go.dev/net/http.https://pkg.go.dev/net/http#Header\n \t// BaseRoundTripper overrides the base transport used for serving requests.\n \t// If specified ClientCertProvider is ignored.\n \tBaseRoundTripper https://pkg.go.dev/net/http.https://pkg.go.dev/net/http#RoundTripper\n \t// Endpoint overrides the default endpoint to be used for a service.\n \tEndpoint https://pkg.go.dev/builtin#string\n \t// APIKey specifies an API key to be used as the basis for authentication.\n \t// If set DetectOpts are ignored.\n \tAPIKey https://pkg.go.dev/builtin#string\n \t// Credentials used to add Authorization header to all requests. If set\n \t// DetectOpts are ignored.\n \tCredentials */go/docs/reference/cloud.google.com/go/auth/latest./go/docs/reference/cloud.google.com/go/auth/latest#cloud_google_com_go_auth_Credentials\n \t// ClientCertProvider is a function that returns a TLS client certificate to\n \t// be used when opening TLS connections. It follows the same semantics as\n \t// crypto/tls.Config.GetClientCertificate.\n \tClientCertProvider #cloud_google_com_go_auth_httptransport_ClientCertProvider\n \t// DetectOpts configures settings for detect Application Default\n \t// Credentials.\n \tDetectOpts */go/docs/reference/cloud.google.com/go/auth/latest/credentials./go/docs/reference/cloud.google.com/go/auth/latest/credentials#cloud_google_com_go_auth_credentials_DetectOptions\n \t// UniverseDomain is the default service domain for a given Cloud universe.\n \t// The default value is \"googleapis.com\". This is the universe domain\n \t// configured for the client, which will be compared to the universe domain\n \t// that is separately configured for the credentials.\n \tUniverseDomain https://pkg.go.dev/builtin#string\n \t// Logger is used for debug logging. If provided, logging will be enabled\n \t// at the loggers configured level. By default logging is disabled unless\n \t// enabled by setting GOOGLE_SDK_GO_LOGGING_LEVEL in which case a default\n \t// logger will be used. Optional.\n \tLogger *https://pkg.go.dev/log/slog.https://pkg.go.dev/log/slog#Logger\n\n \t// InternalOptions are NOT meant to be set directly by consumers of this\n \t// package, they should only be set by generated client code.\n \tInternalOptions *#cloud_google_com_go_auth_httptransport_InternalOptions\n }\n\nOptions used to configure a \\[net/http.Client\\] from \\[NewClient\\]."]]
